Redirect DNS queries
Hi, I installed pfBlocker and I need to make a DNS redirect.
All DNS queries have to be forwarded to the DNS resolver in pfSense.
I made two rules.
It seems to be working, but I read the pfSense documentation and it talks about NAT:
https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html
Do I have to add a NAT rule?
Thanks
@reynold
Redirecting DNS requests ensures that the client succeeds in resolving the host name, even if he tries to use any other DNS server. The request is redirected to pfSense, resolved, and pfSense responds with the originally requested server IP.
So the client doesn't complain that he is not able to resolve.
@viragomann
OK, thanks a lot, so the difference is that:
1) If I set my DNS to 8.8.8.8 and I do not enable the redirect, my client won't resolve.
2) If I set my DNS to 8.8.8.8 and I enable the redirect, the client will resolve the domain, but it will use pfSense and not Google DNS.
Is that correct?
@reynold
Yes, correct.
The client will not notice that the request was in fact not answered by Google. To prevent the clients from using DoH, you can configure suitable pfBlocker lists.
@viragomann
Yes, I enabled lists for DoH.
Should I also configure rules for port 853 (DNS over TLS)?
@reynold
I've just blocked it with a floating rule for all internal interfaces.
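
The redirect and the port 853 block discussed in this thread, written as FreeBSD pf rules. This is an added example, not part of any post and not the ruleset pfSense generates; the interface name `igb1` and the LAN address `192.168.1.1` are assumptions.

```conf
# Assumed values, adjust to the local network.
lan_if = "igb1"
lan_ip = "192.168.1.1"

# NAT (translation rules come before filter rules in pf.conf).
# Any DNS query not addressed to the firewall itself is rewritten to the
# local resolver. pf tracks the translation in its state table, so the
# reply goes back to the client with the originally requested server
# address (for example 8.8.8.8) as its source.
rdr on $lan_if inet proto { tcp, udp } from any to ! $lan_ip port 53 -> 127.0.0.1 port 53

# Filter rules are evaluated after translation, so the redirected query
# now has 127.0.0.1 as its destination and must be allowed there.
pass in quick on $lan_if inet proto { tcp, udp } from any to 127.0.0.1 port 53 keep state

# DNS over TLS is blocked rather than redirected, as in the last reply.
block in quick on $lan_if inet proto { tcp, udp } from any to any port 853

# Block-only variant, without the rdr rule above: a client configured
# with 8.8.8.8 gets no answer at all instead of being served by the
# firewall's resolver.
# block in quick on $lan_if inet proto { tcp, udp } from any to ! $lan_ip port 53
```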